8 matches found
WordPress plugin WP Custom Widget area security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-6066
CVE-2023-6066 affects the WordPress plugin “WP Custom Widget area” versions 1.2.5 and earlier. The issue is that the plugin does not properly enforce capability checks and nonce validation on its AJAX action callbacks, which can allow an attacker with subscriber+ privileges to repeatedly create, ...
CVE-2023-6066 WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...
PT-2024-14871 · WordPress · Wp Custom Widget Area
Name of the Vulnerable Software and Affected Versions: WP Custom Widget area WordPress plugin versions 1.2.5 and earlier Description: The issue arises from the plugin not properly applying capability and nonce checks on its AJAX action callback functions. This could allow attackers with subscribe...
WordPress Plugin WP Custom Widget area security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. PoC Log in as a subscriber, and paste any of the following fetch call in...
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch call in your...
WP Custom Widget area <= 1.2.5 - Missing Authorization
Description The WP Custom Widget area plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with...